We should update to Bootstrap 3.4.1

M4rt1n · December 6, 2019, 10:29am

Due to a XSS vulnerability we should update bootstrap to at least 3.4.1.
This version should be compatible with 3.3.x so it also should be compatible with our version 3.3.7

Here the official bootstrap announcement

Links:

Already created a Ticket for this
https://development.invoiceplane.com/browse/IP-766

Luca_Pellizzari · December 12, 2019, 3:45pm

Opened a PR:

github.com/InvoicePlane/InvoicePlane

updated Bootstrap to 3.4.1 for vulnerability reasons, and others

InvoicePlane:master ← KirkBushman:master

opened 03:37PM - 12 Dec 19 UTC

KirkBushman

+895 -725

Hi, as said in slack, and regarding this post: https://community.invoiceplane.c…om/t/topic/8502 I've updated bootstrap dependencies to 3.4.1, but in order to do that I had to go through all the errors and warning while building with an updated environment to todays repos versions. This led to updating deps, updating grunt (hard to make it work without that), php deps. I've also fixed a couple of errors in the setup process. One was a problem with HMVC plugin in Codeigniter and php 7. As soon as you merge, I can merge the it version, Thanks in advance.